CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2023-50939 – IBM PowerSC information Disclosure
https://notcve.org/view.php?id=CVE-2023-50939
IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 275129. IBM PowerSC 1.3, 2.0 y 2.1 utiliza algoritmos criptográficos más débiles de lo esperado que podrían permitir a un atacante descifrar información altamente confidencial. ID de IBM X-Force: 275129. • https://exchange.xforce.ibmcloud.com/vulnerabilities/275129 https://www.ibm.com/support/pages/node/7113759 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2024-1098 – Rebuild proxy-download QiniuCloud.getStorageFile information disclosure
https://notcve.org/view.php?id=CVE-2024-1098
The manipulation of the argument url leads to information disclosure. ... Mittels dem Manipulieren des Arguments url mit unbekannten Daten kann eine information disclosure-Schwachstelle ausgenutzt werden. • https://vuldb.com/?ctiid.252455 https://vuldb.com/?id.252455 https://www.yuque.com/mailemonyeyongjuan/tha8tr/ouiw375l0m8mw5ls • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2024-22236
https://notcve.org/view.php?id=CVE-2024-22236
In Spring Cloud Contract, versions 4.1.x prior to 4.1.1, versions 4.0.x prior to 4.0.5, and versions 3.1.x prior to 3.1.10, test execution is vulnerable to local information disclosure via temporary directory created with unsafe permissions through the shaded com.google.guava:guava dependency in the org.springframework.cloud:spring-cloud-contract-shade dependency. • https://spring.io/security/cve-2024-22236 • CWE-732: Incorrect Permission Assignment for Critical Resource •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2023-46230 – Sensitive Information Disclosure to Internal Log Files in Splunk Add-on Builder
https://notcve.org/view.php?id=CVE-2023-46230
In Splunk Add-on Builder versions below 4.1.4, the app writes sensitive information to internal log files. En las versiones de Splunk Add-on Builder inferiores a 4.1.4, la aplicación escribe información confidencial en archivos de registro internos. • https://advisory.splunk.com/advisories/SVD-2024-0111 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 6.5EPSS: 14%CPEs: 4EXPL: 1CVE-2024-24565 – CrateDB database has an arbitrary file read vulnerability
https://notcve.org/view.php?id=CVE-2024-24565
CrateDB is a distributed SQL database that makes it simple to store and analyze massive amounts of data in real-time. There is a COPY FROM function in the CrateDB database that is used to import file data into database tables. This function has a flaw, and authenticated attackers can use the COPY FROM function to import arbitrary file content into database tables, resulting in information leakage. • https://github.com/crate/crate/commit/4e857d675683095945dd524d6ba03e692c70ecd6 https://github.com/crate/crate/security/advisories/GHSA-475g-vj6c-xf96 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •